// Legal

Privacy
Policy.

How we handle personal data when you contact us, book an Audit, or engage Rapid Reports for a build.

// LAST UPDATED · 26 MAY 2026

1. Who we are

This site is operated by RAPID REPORTS SOFTWARE LTD ("Rapid Reports", "we", "us"), a company registered in England and Wales under company number 15991805, with its registered address in Andover, Hampshire, United Kingdom.

We are the data controller for personal data you submit through this website and the data we collect during an engagement. For privacy questions or to exercise your rights under UK GDPR, contact lidevlin@rapidreports.org.

2. What we collect

We collect personal data in three situations:

When you contact us

  • Name, email address, company name, and phone (if provided).
  • Anything you write in the message body, including descriptions of your workflows and tools.
  • The intent flag attached to your submission (audit, project, question, other).

When you visit the site

  • Standard server logs (IP address, user agent, referrer, requested URL, timestamp), kept for security and abuse detection.
  • Aggregated, anonymised analytics via Vercel Analytics — pageviews, country, device class. No cookies are set for analytics on this site.

When we deliver work for you

  • Business contact details for stakeholders involved in the project.
  • Access credentials, where you choose to share them with us (see our security and data handling page).
  • Sample data, exports, and screenshots you provide to scope or test an automation.
  • Operational data flowing through any automation we build, only insofar as it is necessary to develop, test, and support that automation.

3. Why we use it (lawful basis)

  • Performance of a contract — to deliver an Audit, Sprint, Foundation, Scale, or Retainer engagement that you have agreed to.
  • Legitimate interests — to respond to enquiries, send the written Audit summary you requested, follow up on a quote, keep the site secure, and run the business.
  • Consent — if you opt in to a mailing list (we will ask explicitly).
  • Legal obligation — to comply with UK tax, accounting, and statutory record-keeping requirements (HMRC, Companies House).

We do not sell personal data. We do not use it for advertising profiling. We do not share it with third parties except the processors listed below.

4. Sub-processors and tools we use

We keep the list short and avoid moving personal data through tools that do not need it. Current processors:

  • Vercel Inc. — site hosting and basic analytics. Data is processed in the EU/UK and US under standard contractual clauses.
  • Resend — transactional email delivery for contact-form notifications and confirmations. Email content is transmitted via Resend infrastructure.
  • Google Workspace — business email and document storage for engagement communications.
  • Calendly — when you book a call through our scheduling link, Calendly processes your name, email, and chosen time slot.
  • 1Password — credential sharing during an active engagement, where required.

If we add a processor that materially changes how your data is handled, we will update this list.

5. How long we keep it

  • Enquiries that do not lead to an engagement — up to 24 months, then deleted.
  • Engagement records (proposals, SOWs, audit reports) — 6 years from the end of the engagement, as required by HMRC for tax records.
  • Server logs — 30 days.
  • Backups — rolling 30-day window, then overwritten.

You can ask us to delete your personal data sooner; we will do so unless we are legally required to keep it.

6. Your rights under UK GDPR

You have the right to:

  • Access the personal data we hold about you.
  • Correct anything that is inaccurate.
  • Ask us to delete it (subject to legal retention requirements).
  • Object to or restrict our use of it.
  • Receive a copy in a portable format.
  • Complain to the UK Information Commissioner's Office at ico.org.uk.

Email lidevlin@rapidreports.org to exercise any of these rights. We respond within 30 days.

7. Cookies

This site does not set marketing or tracking cookies. We use Vercel Analytics in cookieless mode. If we add cookies in future (for example, to remember a preference), we will publish a cookie notice and ask for consent where required.

8. International transfers

Some of our processors (Vercel, Resend, Google) operate infrastructure outside the UK. Where personal data is transferred outside the UK, the transfer is covered by the UK International Data Transfer Addendum to the EU Standard Contractual Clauses or by an equivalent safeguard.

9. Security

Detail on how we handle credentials, system access, and client data during a build is on our data handling and security page. In short: shared password-manager vaults for credentials, least-privilege access, no copies of client data on our laptops once an engagement ends, and access revoked at handoff.

10. Changes to this policy

We update this page when our practices change. The "last updated" date at the top reflects the most recent revision. Material changes will also be notified by email to active engagement contacts.

11. Contact

RAPID REPORTS SOFTWARE LTD
Company number: 15991805
Andover, Hampshire, United Kingdom
Email: lidevlin@rapidreports.org

Terms of service →·How we handle your data →